OAuth 2; AML

High-security & interoperable OAuth 2: What's the latest?

Combined Session
Wednesday, May 10, 2023 17:30—17:45

OAuth is a widely used authorization framework that enables third-party applications to access resources on behalf of a user. However, it has been historically difficult to meet very high security and interoperability requirements when using OAuth. Daniel and Joseph have spent much of the last five years working to improve the state of the art and will present the latest developments in the field.

There are challenges when trying to achieve high security and interoperability with OAuth 2: many potential threats need to be addressed, some of which are not part of the original OAuth threat model. To achieve seamless authorizations, optionality must be minimized in OAuth itself and also in any extensions used.

Six years ago, the IETF OAuth working group started work on the Security Best Current Practice document and more recently on OAuth 2.1. Meanwhile, the OpenID Foundation has created FAPI1 and FAPI2 security profiles.

We will introduce these specifications and help you understand the focus of each document and when to use which. We show how to achieve on-the-wire interoperability and high security through the use of techniques like asymmetric client authentication and sender-constraining via DPoP and MTLS. We highlight the benefits for implementers and the role of conformance testing tools.

Dr. Daniel Fett
Daniel holds a Ph.D. in Computer Science for the development of new methods for analyzing the security of web standards. Leveraging this background, he has worked for the past several years to...
Joseph Heenan
Authlete Inc
Joseph is a software engineer & architect with over 25 years’ experience, who started writing mobile apps before mobile apps existed. He contributes to IETF and OpenID Foundation working...
